Docker process still runs under root, so if container escapes it, it may be bad for users. Even if it runs under your user, there is a risk for it to access more information than allowed.

There are some notes I made year ago while wotking with CyberFund on CyberNode concept — which is essentially a toolkit to let people run nodes easily and as securely as possible.

One of the conventions was to provide `/cyberdata` mount with different folders and run Docker under cyber user. Ideally each container could run with its own user to prevent access to sensitive data if one container is broken.

May be a little paranoid, but losing private keys is not a joke.

--

--

--

Devil’s Advocate

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Anatoli Babenia

Anatoli Babenia

Devil’s Advocate

More from Medium

Why I Studied History — And What I Plan To Do With It

Teaching Through Doing

Why you should write ?

Adaptability in Me